cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-22223,https://securityvulnerability.io/vulnerability/CVE-2024-22223,Dell Unity Vulnerability: OS Command Injection Risk,"An OS Command Injection vulnerability exists in Dell Unity, specifically within the svc_cbr utility. This flaw allows an authenticated malicious user with local access to exploit the vulnerability, potentially leading to the execution of arbitrary operating system commands. The execution would occur with the same privileges as the vulnerable application, posing significant risks to system integrity and security. Users of affected Dell Unity versions are encouraged to apply available security updates to mitigate this vulnerability.",Dell,Unity,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-12T19:07:05.811Z,0
CVE-2024-22222,https://securityvulnerability.io/vulnerability/CVE-2024-22222,Dell Unity Vulnerability: OS Command Injection Risk,"An OS Command Injection vulnerability has been identified in Dell Unity's svc_udoctor utility. This issue affects all versions prior to 5.4, allowing an authenticated malicious user with local access the potential to exploit the vulnerability and execute arbitrary operating system commands. The implications of this vulnerability include potential unauthorized access and manipulation of the underlying operating system resources, which could compromise the security and integrity of the application. Users of affected Dell Unity products are strongly encouraged to upgrade to the latest version to remediate this vulnerability.",Dell,Unity,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-12T19:04:21.768Z,0
CVE-2024-22221,https://securityvulnerability.io/vulnerability/CVE-2024-22221,Dell Unity SQL Injection Vulnerability,"
Dell Unity, versions prior to 5.4, contains SQL Injection vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading to exposure of sensitive information.

",Dell,Unity,4.5,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-02-12T19:00:21.935Z,0
CVE-2024-22226,https://securityvulnerability.io/vulnerability/CVE-2024-22226,Dell Unity Vulnerability Allows Unauthorized Write Access,"
Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, to gain unauthorized write access to the files stored on the server filesystem, with elevated privileges.

",Dell,Unity,6.5,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2024-02-12T18:55:44.482Z,0
CVE-2024-22225,https://securityvulnerability.io/vulnerability/CVE-2024-22225,Dell Unity Vulnerability: Arbitrary OS Command Execution,"An OS Command Injection vulnerability exists in the svc_supportassist utility of Dell Unity, affecting all versions prior to 5.4. This vulnerability could be exploited by an authenticated attacker, enabling execution of arbitrary operating system commands with root privileges. Such exploitation poses significant risks to system integrity and confidentiality, necessitating immediate attention from affected users to upgrade to the patched versions to mitigate potential threats.",Dell,Unity,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-12T18:51:34.460Z,0
CVE-2024-22224,https://securityvulnerability.io/vulnerability/CVE-2024-22224,Dell Unity Vulnerability: Arbitrary OS Command Execution,"The Dell Unity storage solution, specifically versions prior to 5.4, contains a significant OS Command Injection vulnerability within its svc_nas utility. This flaw allows authenticated attackers to bypass the restricted shell environment, potentially gaining the ability to execute arbitrary operating system commands with root privileges. This could lead to severe implications, including unauthorized access and manipulation of the underlying operating system.",Dell,Unity,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-12T18:48:31.147Z,0
CVE-2024-22230,https://securityvulnerability.io/vulnerability/CVE-2024-22230,Dell Unity vulnerable to Cross-site scripting attack,"
Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability, stealing session information, masquerading as the affected user or carry out any actions that this user could perform, or to generally control the victim's browser.

",Dell,Unity,5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-02-12T18:45:18.975Z,0
CVE-2024-22228,https://securityvulnerability.io/vulnerability/CVE-2024-22228,Dell Unity Vulnerability Allows Arbitrary Command Execution,"Dell Unity, specifically versions prior to 5.4, is susceptible to an OS Command Injection vulnerability in the svc_cifssupport utility. This flaw permits authenticated attackers to escape the restricted shell environment, granting them the capability to execute arbitrary operating system commands with elevated root privileges. Such exploitation could compromise system integrity and lead to severe security breaches. Organizations using affected Dell Unity products should prioritize applying the relevant security updates to mitigate these risks effectively.",Dell,Unity,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-12T18:40:56.704Z,0
CVE-2024-22227,https://securityvulnerability.io/vulnerability/CVE-2024-22227,Dell Unity Vulnerability: Authenticated Attackers Can Execute Commands with Root Privileges,"Dell Unity, specifically in versions prior to 5.4, is affected by an OS Command Injection vulnerability found in its svc_dc utility. This flaw allows an authenticated attacker to execute system-level commands, potentially gaining root privileges. Exploitation of this vulnerability poses a significant risk to the security and integrity of the system, allowing unauthorized access to sensitive operations and data.",Dell,Unity,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-12T18:37:41.561Z,0
CVE-2024-0164,https://securityvulnerability.io/vulnerability/CVE-2024-0164,Dell Unity Vulnerability: Arbitrary Command Execution with Elevated Privileges,"Dell Unity is impacted by an OS Command Injection vulnerability associated with its svc_topstats utility. This flaw allows an authenticated attacker to exploit the vulnerability, leading to the execution of arbitrary commands with elevated privileges. It is crucial for users operating versions prior to 5.4 to apply available patches and updates to mitigate the risk associated with this vulnerability, thus safeguarding their systems against potential exploitation.",Dell,Unity,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-12T18:34:32.413Z,0
CVE-2024-0165,https://securityvulnerability.io/vulnerability/CVE-2024-0165,Dell Unity Vulnerability: Arbitrary OS Command Execution,"The vulnerability in Dell Unity’s svc_acldb_dump utility allows an authenticated attacker to execute arbitrary operating system commands with root privileges. This issue affects all versions prior to 5.4, posing significant security risks to systems using these versions. Exploitation could enable unauthorized access to sensitive system functions and data, which may lead to severe consequences for affected users.",Dell,Unity,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-12T18:30:52.482Z,0
CVE-2024-0166,https://securityvulnerability.io/vulnerability/CVE-2024-0166,Dell Unity Vulnerability: Arbitrary OS Command Execution,"The OS Command Injection vulnerability in Dell Unity allows an authenticated attacker to exploit the svc_tcpdump utility, potentially leading to the execution of arbitrary operating system commands with elevated privileges. This vulnerability is present in versions of Dell Unity prior to 5.4, underscoring the importance of updating to ensure system security. Users must remain vigilant and implement security best practices to mitigate any potential risks associated with this vulnerability.",Dell,Unity,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-12T18:27:42.833Z,0
CVE-2024-0167,https://securityvulnerability.io/vulnerability/CVE-2024-0167,Dell Unity Vulnerability: Arbitrary File Overwrite with Root Privileges,"The vulnerability in Dell Unity relates to an OS Command Injection flaw within the svc_topstats utility. This allows an authenticated attacker to exploit the system, resulting in the potential overwriting of arbitrary files on the file system with elevated root privileges. Such exploitation threatens the integrity and confidentiality of data stored on affected systems, making it essential for users to upgrade to version 5.4 or later to mitigate risks. Users are advised to follow the guidelines provided in the vendor's advisory for securing their installations.",Dell,Unity,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-12T18:23:44.036Z,0
CVE-2024-0168,https://securityvulnerability.io/vulnerability/CVE-2024-0168,Dell Unity Command Injection Vulnerability Affects Authenticated Users,"A command injection vulnerability exists in the svc_oscheck utility of Dell Unity systems, which could be exploited by authenticated attackers to execute arbitrary operating system commands. This flaw allows unauthorized command execution with elevated privileges, potentially jeopardizing the integrity and security of the impacted systems. It is crucial for organizations utilizing affected versions to apply security updates to mitigate risks associated with this vulnerability.",Dell,Unity,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-12T18:20:20.241Z,0
CVE-2024-0169,https://securityvulnerability.io/vulnerability/CVE-2024-0169,Dell Unity Vulnerability Allows Cross-Site Scripting Attacks,"Dell Unity, version(s) 5.3 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.",Dell,Unity,5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-02-12T18:13:20.331Z,0
CVE-2024-0170,https://securityvulnerability.io/vulnerability/CVE-2024-0170,Dell Unity Vulnerability Allows Arbitrary Command Execution,"Dell Unity, versions prior to 5.4, contains a significant OS Command Injection vulnerability in the svc_cava utility. This flaw allows an authenticated attacker to escape the restricted shell, enabling the execution of arbitrary operating system commands with root privileges. The potential impact of this vulnerability highlights the importance of timely updates and patches to mitigate risks associated with unauthorized access and control over critical systems.",Dell,Unity,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-12T18:08:36.793Z,0
CVE-2024-22229,https://securityvulnerability.io/vulnerability/CVE-2024-22229,Log Spoofing Vulnerability in Dell Unity from Dell,"Dell Unity versions prior to 5.4 are affected by a vulnerability that allows authenticated attackers to spoof log messages. By exploiting this weakness, an attacker can create misleading log entries, generate false alarms, and inject malicious content into system logs, significantly compromising their integrity. Additionally, the attacker may prevent the logging of critical information while executing harmful actions, or could implicate an innocent user in malicious activities. This vulnerability underscores the importance of securing logging mechanisms to maintain the integrity of system operations.",Dell,Unity,4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-01-24T16:17:57.906Z,0
CVE-2023-43082,https://securityvulnerability.io/vulnerability/CVE-2023-43082,Man-in-the-Middle Vulnerability in Dell Unity VSA and Unity XT,"Dell Unity prior to version 5.3 is susceptible to a man-in-the-middle vulnerability within its vmadapter component. This issue arises when a customer uses a certificate issued by a third-party public Certificate Authority. An attacker could exploit this vulnerability by spoofing the vCenter CA, provided they can obtain a CA-signed certificate. This could potentially compromise the security of user data and communications.",Dell,Unity,5.9,MEDIUM,0.0008800000068731606,false,,false,false,false,,,false,false,,2023-11-22T17:15:00.000Z,0
CVE-2023-43067,https://securityvulnerability.io/vulnerability/CVE-2023-43067,XML External Entity Injection Vulnerability in Dell Unity Products,"Dell Unity versions prior to 5.3 are susceptible to an XML External Entity (XXE) injection vulnerability. An attacker exploiting this issue could gain access to sensitive files on the local filesystem, potentially leading to further security implications. Users are encouraged to update their systems to the latest version to mitigate this risk.",Dell,Unity,6.5,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2023-10-23T16:15:00.000Z,0
CVE-2023-43066,https://securityvulnerability.io/vulnerability/CVE-2023-43066,Restricted Shell Bypass in Dell Unity Product by Dell,"Dell Unity systems prior to version 5.3 are susceptible to a Restricted Shell Bypass vulnerability. An authenticated, local attacker can exploit this flaw by accessing the device's command-line interface (CLI) and executing specific commands, potentially leading to unauthorized actions within the system environment. This highlights the importance of keeping your Dell Unity products updated to mitigate the risk of such vulnerabilities.",Dell,Unity,5.1,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-10-23T16:15:00.000Z,0
CVE-2023-43065,https://securityvulnerability.io/vulnerability/CVE-2023-43065,Cross-Site Scripting Vulnerability in Dell Unity Products,"Dell Unity versions before 5.3 are susceptible to a Cross-Site Scripting vulnerability. This flaw allows low-privileged authenticated attackers to exploit the system, potentially leading to escalated privileges and unauthorized access. It is crucial for users of affected Dell Unity products to apply available security updates to mitigate risk.",Dell,Unity,5.5,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2023-10-23T15:15:00.000Z,0
CVE-2023-43074,https://securityvulnerability.io/vulnerability/CVE-2023-43074,Arbitrary File Creation Vulnerability in Dell Unity by Dell,Dell Unity 5.3 has a vulnerability that allows remote unauthenticated attackers to create arbitrary files on the server by sending specially crafted requests. This may lead to unauthorized access or manipulation of sensitive data and poses a significant threat to the integrity of the system. It is essential for users to apply the latest security updates provided by Dell to mitigate this risk and protect their infrastructure.,Dell,Unity,5.2,MEDIUM,0.001129999989643693,false,,false,false,false,,,false,false,,2023-10-23T15:15:00.000Z,0
CVE-2022-22564,https://securityvulnerability.io/vulnerability/CVE-2022-22564,Insecure Cryptographic Algorithm in Dell EMC Unity Products,"Dell EMC Unity prior to version 5.2.0.0.5.173 employs a broken cryptographic algorithm that may be exploited by remote unauthenticated attackers. This vulnerability facilitates man-in-the-middle (MitM) attacks, allowing attackers to potentially gain access to sensitive information. Proper security measures and updates are essential to mitigate risks associated with this vulnerability.",Dell,Unity,5.9,MEDIUM,0.0016299999551847577,false,,false,false,false,,,false,false,,2023-02-14T15:34:09.480Z,0
CVE-2022-29085,https://securityvulnerability.io/vulnerability/CVE-2022-29085,Plain-Text Password Storage Vulnerability in Dell Unity Products,"A vulnerability has been identified in Dell Unity, Dell UnityVSA, and Dell Unity XT products that allows plain-text storage of passwords when certain off-array tools are executed. This flaw affects versions prior to 5.2.0.0.5.173, potentially enabling a local malicious user with elevated privileges to access sensitive credentials stored in plain text. If exploited, this can lead to unauthorized access and control over the system, significantly increasing the risk of further attacks.",Dell,Unity,6.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-06-02T21:15:00.000Z,0
CVE-2022-29084,https://securityvulnerability.io/vulnerability/CVE-2022-29084,Authentication Vulnerability in Dell Unity Products,"The Dell Unity, Dell UnityVSA, and Dell Unity XT systems prior to version 5.2.0.0.5.173 exhibit a vulnerability that allows excessive authentication attempts through the Unisphere GUI. This weakness can be exploited by remote, unauthenticated attackers, enabling them to conduct brute-force attacks on user passwords. If users employ weak passwords, there is a significant risk of account takeover, giving malicious actors unauthorized access to the affected systems.",Dell,Unity,8.1,HIGH,0.003590000094845891,false,,false,false,false,,,false,false,,2022-06-02T21:15:00.000Z,0